Patentable/Patents/US-10546131
US-10546131

End-point visibility

PublishedJanuary 28, 2020
Assigneenot available in USPTO data we have
Inventorsnot available in USPTO data we have
Technical Abstract

A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1

1. At least one non-transitory machine-readable storage medium, comprising computer-executable instructions carried on the machine-readable medium, the instructions readable by a hardware processor, the instructions, when read and executed, for causing the hardware processor to: monitor a plurality of clients for incidences of compromise; and upon detecting an incidence of compromise on one or more of the plurality of clients, for each client: receive an indication that the client, that is a computer that is separate from the hardware processor and that is coupled to the hardware processor using a computer network, has been affected by malware; cause the client to be booted from a trusted operating system image; in response to the client being rebooted from the trusted operating system image: cause a secured security application to be launched on the client from a trusted application image; and cause a malware status of the client to be analyzed through the secured security application to evaluate a cause of the incidence of compromise on the client; cross-reference the indication that the client has been affected by malware with other lowed data to determine an additional indicator of compromise; and query the client to determine whether the client is associated with the additional indicator of compromise.

2

2. The medium of claim 1 , further comprising instructions for causing the client to be booted through a secured module on the client.

3

3. The medium of claim 1 , further comprising instructions for causing the client to be booted through a secured module on the client with a communications channel independent of operating systems of the client.

4

4. The medium of claim 1 , further comprising instructions for causing the client to be configured to monitor for malware to generate the indication that the client has been affected by malware.

5

5. The medium of claim 1 , further comprising instructions for causing the client to be booted from the trusted operating system image from a read-only region of a secured storage device communicatively coupled to the client.

6

6. The medium of claim 1 , further comprising instructions for causing the secured security application on the client to be queried regarding additional indicators of compromise.

7

7. A system for securing electronic devices, comprising: a hardware processor; at least one non-transitory machine-readable storage medium communicatively coupled to the hardware processor; and a monitoring application comprising computer-executable instructions on the medium, the instructions readable by the hardware processor, the monitoring application configured to: monitor a plurality of clients for incidences of compromise; and upon detecting an incidence of compromise on one or more of the plurality of clients, for each client: receive an indication that the client, that is a computer that is separate from the hardware processor and that is coupled to the hardware processor using a computer network, has been affected by malware; cause the client to be booted from a trusted operating system image; in response to the client being rebooted from the trusted operating system image: cause the client to launch a secured security application from a trusted application image; and cause malware status of the client to be analyzed through the secured security application to evaluate a cause of the incidence of compromise on the client; cross-reference the indication that the client has been affected by malware with other lowed data to determine an additional indicator of compromise; and query the client to determine whether the client is associated with the additional indicator of compromise.

8

8. The system of claim 7 , wherein the monitoring application is further configured to cause the client to be booted through a secured module on the client.

9

9. The system of claim 7 , wherein the monitoring application is further configured to cause the client to be booted through a secured module on the client with a communications channel independent of operating systems of the client.

10

10. The system of claim 7 , wherein the monitoring application is further configured to configure the client to monitor for malware to generate the indication that the client has been affected by malware.

11

11. The system of claim 7 , wherein the monitoring application is further configured to cause the client to be booted from the trusted operating system image from a read-only region of a secured storage device communicatively coupled to the client.

12

12. The system of claim 7 , wherein the monitoring application is further configured to query the secured security application on the client regarding additional indicators of compromise.

13

13. A method of electronic device security, comprising: monitoring a plurality of clients for incidences of compromise; and upon detecting an incidence of compromise on one or more of the plurality of clients, for each client: receiving at a hardware processor an indication that the client, that is a computer that is separate from the hardware processor and that is coupled to the hardware processor using a computer network, has been affected by malware; causing the client to boot from a trusted operating system image using the hardware processor; in response to the client being rebooted from the trusted operating system image: causing a launch of a secured security application on the client from a trusted application image using the hardware processor; and analyzing a malware status of the client through the secured security application using the hardware processor to evaluate a cause of the incidence of compromise on the client; cross-referencing the indication that the client has been affected by malware with other logged data to determine an additional indicator of compromise; and querying the client to determine whether the client is associated with the additional indicator of compromise.

14

14. The method of claim 13 , further comprising causing the client to boot through a secured module on the client.

15

15. The method of claim 13 , further comprising causing the client to boot through a secured module on the client with a communications channel independent of operating systems of the client.

16

16. The method of claim 13 , further comprising configuring the client to monitor for malware to generate the indication that the client has been affected by malware.

17

17. The method of claim 13 , further comprising causing the client to boot from the trusted operating system image from a read-only region of a secured storage device communicatively coupled to the client.

Classification Codes (CPC)

Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.

Patent Metadata

Filing Date

April 1, 2016

Publication Date

January 28, 2020

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “End-point visibility” (US-10546131). https://patentable.app/patents/US-10546131

© 2026 Patentable. All rights reserved.

Patentable is a research and drafting-assistant tool, not a law firm, and does not provide legal advice. Documents we generate are drafts for review by a licensed patent attorney.